Merge pull request #523 from zowe/bugfix/saf-check-on-get-plugins

parameter fix for semi auth
zowe · Dec 28, 2023 · 698a5ea · 698a5ea
2 parents 0cc59f6 + 9aa80ff
commit 698a5ea
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,7 +2,11 @@
 
 All notable changes to the Zlux Server Framework package will be documented in this file..
 This repo is part of the app-server Zowe Component, and the change logs here may appear on Zowe.org in that section.
-
+
+## 2.14.0
+- Bugfix: A call to GET /plugins would trigger an authorization check regardless of if rbac was set on or off
+
+
 ## 2.13.0
 - Added support for using zowe.network and components.app-server.zowe.network to set listener IP and TLS properties including max and min version, ciphers, and ECDH curves. (#511)
 - Enhanced cipher customization to allow for ciphers to be specified in IANA format in addition to the existing OpenSSL format. (#511)

diff --git a/lib/webauth.js b/lib/webauth.js
@@ -500,7 +500,7 @@ module.exports = function(authManager, cookieIdentifier, isSecurePort) {
         authLogger.debug(`${req.session.id}: Initiating isAuthorized check with ${handler.pluginID}`);        
         result = yield handler.authorized(req, authPluginSession, {
           syncOnly: isWebsocket,
-          bypassAuthorizatonCheck: !authManager.isRbacEnabled
+          bypassAuthorizatonCheck: !authManager.isRbacEnabled()
         });
         next();
         return;